IOI Corporation Hit by Fog Ransomware, 20 GB Data Compromised

Incident Date: Aug 06, 2024

Attack Overview
Victim: IOI Corporation Berhad
Industry: Agriculture
Location: Malaysia
Attacker: Fog
First reported: August 6, 2024

Ransomware Attack on IOI Corporation Berhad by Fog Ransomware Group

IOI Corporation Berhad, a leading entity in the global palm oil industry, has recently been targeted by the notorious Fog ransomware group. The cybercriminals claim to have exfiltrated 20 GB of sensitive data from the company, marking a significant breach in IOI's cybersecurity defenses.

About IOI Corporation Berhad

IOI Corporation Berhad, commonly known as IOI, is a major player in the palm oil sector, with operations spanning plantation and resource-based manufacturing. The company manages approximately 176,925 hectares of oil palm plantations in Malaysia and Indonesia. IOI's manufacturing segment includes refining crude palm oil and producing oleochemicals and specialty oils, with facilities located across Asia, Europe, and the United States. The company employs around 28,000 individuals and reported a revenue of RM 17.54 billion for the financial year ending June 30, 2023.

Attack Overview

The Fog ransomware group has claimed responsibility for the attack on IOI Corporation Berhad via its dark web leak site. The attackers assert that they exfiltrated 20 GB of sensitive data, which could include proprietary information, financial records, and personal data of employees. The breach highlights the increasing threat of ransomware attacks on large corporations, particularly those in critical industries like agriculture.

About Fog Ransomware Group

Fog ransomware emerged in November 2021, primarily targeting Windows systems. It is known for encrypting files and appending extensions such as ".FOG" or ".FLOCKED" to filenames. The ransomware drops a ransom note named "readme.txt" or "HELP_YOUR_FILES.HTML," instructing victims to contact the attackers for file recovery. Fog ransomware has been particularly disruptive in the education and recreation sectors, exploiting compromised VPN credentials to infiltrate systems.
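The file indicators named above can be turned into a triage check. The following is an added example, not part of the original report: it flags directories where a ransom note sits beside several files carrying the Fog extensions, because a file named readme.txt on its own is too common to alert on. The event tuples, host names, paths and the min_encrypted threshold are constructed assumptions.

```python
import os
from collections import defaultdict

# Indicators as given in the article text.
ENCRYPTED_EXTS = {".fog", ".flocked"}
NOTE_NAMES = {"readme.txt", "help_your_files.html"}

# Constructed (host, path) file-creation events; not real telemetry.
SAMPLE_EVENTS = [
    ("fs01", r"D:\finance\q2.xlsx.FOG"),
    ("fs01", r"D:\finance\payroll.csv.FOG"),
    ("fs01", r"D:\finance\audit.docx.fog"),
    ("fs01", r"D:\finance\readme.txt"),
    ("ws07", r"C:\Users\amy\project\readme.txt"),   # benign README, no encrypted files
    ("ws07", r"C:\Users\amy\project\main.py"),
    ("ws09", r"C:\share\notes.FLOCKED"),            # lone extension match, no note
    ("fs02", r"E:\hr\a.pdf.FLOCKED"),
    ("fs02", r"E:\hr\b.pdf.FLOCKED"),
    ("fs02", r"E:\hr\c.pdf.FLOCKED"),
    ("fs02", r"E:\hr\HELP_YOUR_FILES.HTML"),
]

def triage(events, min_encrypted=3):
    """Return {host: [directories]} where a ransom note co-occurs with at
    least min_encrypted files that carry a Fog extension."""
    encrypted = defaultdict(int)   # (host, directory) -> count of matching files
    notes = set()                  # (host, directory) pairs containing a note
    for host, path in events:
        directory, _, name = path.replace("/", "\\").rpartition("\\")
        key = (host, directory.lower())
        name = name.lower()        # Windows file names are case-insensitive
        if os.path.splitext(name)[1] in ENCRYPTED_EXTS:
            encrypted[key] += 1
        elif name in NOTE_NAMES:
            notes.add(key)
    hits = defaultdict(list)
    for (host, directory), count in encrypted.items():
        if count >= min_encrypted and (host, directory) in notes:
            hits[host].append(directory)
    return {host: sorted(dirs) for host, dirs in hits.items()}

if __name__ == "__main__":
    for host, dirs in triage(SAMPLE_EVENTS).items():
        print(host, dirs)
```
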

Penetration and Impact

The Fog ransomware group likely gained access to IOI Corporation's systems through weaknesses in its security infrastructure, possibly compromised VPN credentials. Once inside, the ransomware can disable security measures, encrypt critical files, and delete backups, which makes recovery difficult. There is no known decryptor for Fog ransomware, so victims have limited options for data recovery.
